(19) Europäisches Patentamt / European Patent Office / Office européen des brevets

(11) EP 0 883 318

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 09.12.1998 Bulletin 1998/50

(21) Application number: 97303882.1

(22) Date of filing: 05.06.1997

(51) Int. Cl.6: 7/38, H04L 9/32

(84) Designated Contracting States: AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

Designated Extension States: AL LT LV RO SI

(71) Applicant: ICO Services Ltd., London W6 9BN (GB)

(72) Inventor: Brand, Paul, London SW15 6UZ (GB)

(74) Representative: Read, Matthew Charles et al, Venner Shipley & Co., 20 Little Britain, London EC1A 7DH (GB)

(54) User authentication for roaming between mobile telecommunications networks



(57) A dual mode user terminal UT 1 can roam from an IS-41 PLMN 9 to a GSM type network, comprising a satellite network, so that the satellite network can be provided as a roamed extension of the PLMN. In order to provide end-to-end authentication, an IS-41 challenge is transmitted to the handset through the satellite network, packaged as a GSM USSD or SMS, and the resulting response produced at user terminal UT 1 is packaged as a GSM USSD or SMS and transmitted through the satellite network to an interworking function unit 32. The AUTHR together with the challenge are transmitted to the authentication centre AC of the PLMN 9, so that end-to-end authentication can be carried out.

Description

This invention relates to authenticating a mobile user terminal that has roamed from one telecommunications network to another and has particular but not exclusive application to authentication when roaming from an IS-41 network such as a DAMPS network, to one which uses GSM authentication techniques, such as a satellite telecommunication network.

Terrestrial mobile telecommunications systems are well known and a number of different systems have developed which operate according to different standards. These public land mobile networks (PLMNs) may operate according to analog or digital standards. In Europe, the Far East excluding Japan, and elsewhere, the digital Global System Mobile (GSM) network has become popular, whereas in USA, networks which operate according to the IS-41 recommendations such as the Advanced Mobile Phone System (AMPS) and the Digital American Mobile Phone System (DAMPS) are used. In Japan, the Personal Handiphone System (PHS) and the Personal Digital Communication (PDC) network are in use. More recently, proposals have been made for a Universal Mobile Telecommunications System (UMTS). These networks are all cellular and land-based but have differences in architecture and use different signalling protocols and transmission frequency bands.

Considering for example the GSM system, individual cells of the mobile network are served by a series of geographically spaced, terrestrial base transceiver stations (BTSs) which are coupled through base station controllers (BSCs) to a mobile switching centre (MSC) which may provide a gateway out of the network to a conventional public switched telephone network (PSTN). The network includes a home location register (HLR) which stores information about the subscribers to the system and their user terminals. When a user terminal is switched on, it registers with the HLR and an authentication procedure is carried out. Each mobile user terminal is provided with a smart card known as a subscriber identification module (SIM) which stores two unique items of identification in order to identify the subscriber. The first item comprises an international mobile subscriber identity (IMSI) and the second item comprises a secret parameter referred to in the GSM specifications as Ki. Associated with the HLR is an authentication centre (AuC) which includes data corresponding to the IMSI and Ki for each subscriber to the network. When the user terminal is switched on, and at other times, the IMSI is transmitted from the user terminal to the HLR, which then refers to the AuC in order to authenticate the user. The IMSI is checked in the memory of the AuC, and a corresponding value of Ki is retrieved. Also, a random number RAND is generated in the AuC. The random number RAND and the value of Ki are applied as inputs to an algorithm referred to in the GSM Specifications as A3 to generate a signed result SRES. The AuC also includes an algorithm referred to in the GSM Specifications as A8 which generates a secret key Kc that is used for encryption/decryption of data transmitted over the air between the user terminal and the land-based network. In practice, the algorithms A3/A8 may be constituted by a single algorithm producing a 96 bit output of which 32 bits constitute SRES and the remaining 64 bits constitute Kc. A triplet of signals comprising RAND, SRES and Kc is fed from the AuC, through the HLR to the MSC, which acts as a checking station in the authentication procedure.

The individual value of RAND is then transmitted on to the user terminal through the network from the MSC. The SIM of the user terminal has the algorithm A3/A8 stored locally, so as to generate a corresponding value of SRES' and Kc at the user terminal, from the received value of the random number RAND and the stored value of Ki in the SIM.

The value of SRES' is transmitted back through the network to the MSC and compared with the originally generated value of SRES. If they are the same, the user terminal is authenticated but otherwise registration of the user terminal with the HLR is barred.

Thereafter, if the user terminal is authenticated the MSC initiates encryption/decryption of data transmitted over the network, using an enciphering/deciphering algorithm referred to in the GSM Specifications as A5, which uses as its inputs the secret key Kc and the frame number of data transmitted through the network. The SIM of the user terminal generates its own value of the secret key Kc using its locally stored copy of the algorithm A8. The local value of Kc at the user terminal can then be used to encrypt/decrypt data transmitted, using a locally held copy of the algorithm A5.

The authentication procedure used in GSM has the advantage that only random numbers are transmitted over the air interface between the user terminal and the BTS, which minimises the risk of fraudulent registration.

For further details of the authentication procedure and subsequent data encryption/decryption, reference is directed to "The GSM System for Mobile Communications" M. Mouly & M-B. Pautet, Cell & Sys. 1992 pp 477-492.
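
The triplet exchange described above, as an added example that is not code from the patent: the AuC derives (RAND, SRES, Kc), the SIM answers RAND with SRES', and the MSC compares the two. The combined A3/A8 is replaced here by an HMAC-SHA-256 placeholder truncated to 96 bits; the class names, the 128-bit RAND and the sample IMSI and Ki are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, NamedTuple, Optional


def a3a8(ki: bytes, rand: bytes):
    """Placeholder for the combined A3/A8 algorithm (NOT a real GSM algorithm).

    Mirrors the shape described in the text: one 96-bit output, of which
    32 bits are SRES and the remaining 64 bits are Kc.
    """
    out = hmac.new(ki, rand, hashlib.sha256).digest()[:12]  # 96 bits
    return out[:4], out[4:]                                  # (SRES, Kc)


class Triplet(NamedTuple):
    rand: bytes
    sres: bytes
    kc: bytes


class AuC:
    """Holds IMSI -> Ki and produces (RAND, SRES, Kc) triplets."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self._ki = dict(subscribers)

    def triplet(self, imsi: str) -> Optional[Triplet]:
        ki = self._ki.get(imsi)
        if ki is None:
            return None                      # unknown subscriber
        rand = secrets.token_bytes(16)       # fresh 128-bit challenge per attempt
        sres, kc = a3a8(ki, rand)
        return Triplet(rand, sres, kc)


class SIM:
    """Stores IMSI and Ki; Ki never leaves the card."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None                       # session key, set after a challenge

    def respond(self, rand: bytes) -> bytes:
        sres_prime, self.kc = a3a8(self._ki, rand)
        return sres_prime                    # only SRES' is sent back over the air


class MSC:
    """Checking station: compares SRES' from the terminal with SRES from the AuC."""

    def __init__(self, auc: AuC):
        self._auc = auc

    def authenticate(self, sim: SIM) -> Optional[bytes]:
        t = self._auc.triplet(sim.imsi)      # IMSI -> HLR -> AuC
        if t is None:
            return None
        sres_prime = sim.respond(t.rand)     # RAND goes down, SRES' comes back
        if not hmac.compare_digest(sres_prime, t.sres):
            return None                      # registration barred
        return t.kc                          # network-side Kc for A5 ciphering


def demo():
    imsi = "001010000000001"                 # constructed test IMSI
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed Ki
    msc = MSC(AuC({imsi: ki}))
    genuine = SIM(imsi, ki)
    clone = SIM(imsi, bytes(16))             # right IMSI, wrong Ki
    return msc.authenticate(genuine), genuine.kc, msc.authenticate(clone)


if __name__ == "__main__":
    kc_net, kc_sim, clone_result = demo()
    print("genuine SIM accepted:", kc_net is not None and kc_net == kc_sim)
    print("clone accepted:", clone_result is not None)
```

Both sides end up with the same Kc without it ever being transmitted, and a terminal that knows the IMSI but not Ki is rejected.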

If the user terminal roams to a different GSM network, in a different geographical location, it registers with a visitor location register (VLR) of the visited network, which communicates with the HLR of the home network for billing and other purposes.

Considering now the networks which operate according to the IS-41 recommendations, a number of base stations BS are connected to a MSC/VLR, coupled to an HLR in a generally similar configuration to a GSM network. Associated with the HLR is an authentication centre AC. Each mobile handset includes a numeric address module (NAM) which stores an individual mobile identity number (MIN) together with a secret key known as the A-key. The authentication centre AC maintains a list of the A-keys associated with the MINs for the user terminals which are registered with the network. Authentication for an IS-41 network makes use of a so-called CAVE algorithm. The CAVE algorithm makes use of so-called shared secret data SSD, which is generated from the A-key and MIN for each user terminal.

To perform authentication, initially, the authentication centre AC transmits to the user terminal a request that the SSD is updated. The SSD is then updated both at the user terminal and at the authentication centre AC. A feature of the SSD is that it is not possible to obtain details of the A-keys from the SSD.

Then, the MIN is transmitted from the user terminal to the MSC which, in turn, generates a challenge in the form of a random number RAND which is transmitted back to the user terminal. The CAVE algorithm is then run at the user terminal using the current value of SSD and RAND to produce an authorization response AUTHR, which is then transmitted back over the network to the MSC. The current value of MIN, RAND and AUTHR are transmitted through the network to the AC and the CAVE algorithm is run, using the local value of SSD and RAND received from the MSC. Thus, the value of AUTHR is produced at the AC, which can be compared with the value of AUTHR received from the user terminal. If they are the same, a successful authentication has been achieved, but if they are different, a response is sent to the MSC to cancel the registration of the user terminal from the VLR. Alternatively, the AC may entrust the SSD to the MSC, allowing the MSC to run the CAVE algorithm using SSD and RAND and comparing the result to provide AUTHR without referring back to the AC.

Although the authentication procedure is generally 
similar to the procedure used in GSM, it is different in 
detail, and the procedures are not compatible. 

Mobile telecommunication systems have been proposed that use satellite communication links between mobile user terminals and conventional terrestrial networks such as PSTNs and PLMNs. One network known as the IRIDIUM™ satellite cellular system is described in EP-A-0365885 and US Patent No. 5 394 561 (Motorola), which makes use of a constellation of so-called low earth orbit (LEO) satellites, that have an orbital radius of 780 km. Mobile user terminals such as telephone handsets establish a link to an overhead orbiting satellite, from which a call can be directed to another satellite in the constellation and then typically to a ground station which is connected to conventional land-based networks.

Alternative schemes which make use of so-called medium earth orbit (MEO) satellite constellations have been proposed with an orbital radius in the range of 10-20,000 km and reference is directed to Walker J.G. "Satellite Patterns for Continuous Multiple Whole Earth Coverage" Royal Aircraft Establishment, pp 119-122 (1977). Reference is directed to the ICO™ satellite cellular system described for example in GB-A-2 295 296, and to the ODYSSEY™ satellite cellular system described in EP-A-0 510 789. With these systems, the satellite communication link does not permit communication between adjacent satellites and instead, a signal from a mobile user terminal such as a mobile handset is directed firstly to the satellite and then directed to a ground station or satellite access node (SAN), connected to a conventional land-based telephone network. This has the advantage that many components of the system are compatible with known digital terrestrial cellular technology such as GSM. Also simpler satellite communication techniques can be used than with a LEO network.

In satellite communications networks, ground stations are located at different sites around the world in order to communicate with the orbiting satellites. In the ICO™ system and others, a visitor location register is associated with each of the satellite ground stations, which maintains a record of the individual user terminals that are making use of the particular ground station.

The visitor location registers communicate with a home location register for the satellite network. User terminals are authenticated for use with the satellite network in a similar way to a conventional land based network. For example, the ICO™ system uses an authentication procedure corresponding to GSM authentication used for conventional land based GSM networks.

In certain areas of the world, coverage provided by a conventional terrestrial PLMN and the satellite network will overlap in a common area. It has been proposed that the individual mobile terminals be operable with both the PLMN and the satellite network. The user terminals may include a switch to allow the user to select the network or alternatively, an automatic selection may be made e.g. on the basis of signal strength. It is envisaged that normally, the conventional terrestrial network will be preferred for reasons of cost and signal strength but that the user will roam to the satellite network when outside of the coverage area of the PLMN. Thus, the satellite network service can be offered to subscribers by the operator of the PLMN and billing for use of the satellite service can be carried out through the facilities already in place for the PLMN.

However, a secure authentication procedure is required when the subscriber roams from the PLMN to the satellite network, to ensure that when charges for use of the satellite service are passed to the operator of the PLMN, they are accurately attributed to individual subscribers, without significant risk of fraud. A problem arises in achieving authentication when the two networks use different authentication protocols, and the invention addresses this issue.

In a first aspect, the invention provides a method of authenticating a user terminal which has roamed from a first network that uses a first authentication protocol, to a second network that uses a second, different authentication protocol, comprising: transmitting an authentication challenge to the user terminal according to the protocol of the first network, through the second network, providing a response at the user terminal to the challenge in accordance with the first authentication protocol, transmitting the response through the second network, to a checking station, and comparing the response at the checking station with corresponding authentication data for the first network according to the first protocol so as to authenticate the user terminal according to the first protocol for use with the first network.

The authentication challenge may be transmitted to the user terminal through the second network, packaged as a message in a data format pertinent to the second network.

The first network may be configured in accordance with IS-41 recommendations, and the second network may be configured in accordance with GSM recommendations in which case, the challenge and the response may be packaged as a USSD or SMS for transmission through the GSM network.

The method according to the invention may include authenticating the roamed user terminal for use with said second network in accordance with the second protocol, and only authenticating the terminal in accordance with the first protocol if the authentication according to the second protocol is successful. The authentication for the second network may include transmitting an initial authentication challenge to the user terminal according to the protocol of the second network, through the second network, providing a response at the user terminal to the challenge according to a predetermined algorithm in accordance with the second authentication protocol, transmitting the response through the second network to a checking station for the second network, and comparing the response at the checking station for the second network with authentication data according to the second protocol to authenticate the user terminal for use with the second network.

The second network may comprise a satellite network.

The invention also includes a user terminal for roaming from a first network that uses a first authentication protocol, to a second network that uses a second, different authentication protocol, comprising: a receiver to receive an authentication challenge according to the protocol of the first network, through the second network, means operative to provide a response to the challenge in accordance with the first authentication protocol, and a transmitter operative to transmit the response through the second network, for permitting the response to be compared at a remote checking station with corresponding authentication data for the first network according to the first protocol, for authenticating the user terminal according to the first protocol, for use with the first network.

The user terminal according to the invention may further include: a receiver to receive an authentication challenge according to the protocol of the second network, through the second network, means operative to provide a response to the challenge in accordance with the second authentication protocol, and a transmitter operative to transmit the response through the second network, for permitting the response to be compared at a remote checking station with corresponding authentication data for the second network according to the second protocol, for authenticating the user terminal according to the second protocol, for use with the second network.

The invention further includes a user terminal operative according to GSM recommendations and IS-41 recommendations, and responsive to an IS-41 challenge packaged as a USSD or SMS, to produce an IS-41 response, transmitted as a SMS or USSD.

In accordance with the invention an interworking function unit may be provided for providing interworking between a first and second telecommunications networks operative according to a first and second different sets of recommendations with respective first and second authentication protocols, for use in authenticating a user terminal which has roamed from the first network to the second network, the unit comprising: means for routing an authentication challenge according to the protocol of the first network, towards a user terminal, through the second network; means to receive from the user terminal, through the second network, a response to the challenge in accordance with the first authentication protocol; and means for routing the response in a format in accordance with the recommendations for the first network, towards a checking station at which it is compared with corresponding authentication data for the first network according to the first protocol so as to authenticate the user terminal for use with the first network.
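
The end-to-end path summarised above, together with the IS-41 AUTHR check described earlier, as an added example that is not code from the patent: an IS-41 challenge is packaged into a USSD/SMS payload, answered by the terminal, unpacked by the interworking function and checked at the AC, and only after the GSM-type authentication has succeeded. The payload layout, the HMAC placeholders standing in for CAVE and for SSD generation, the field sizes, and having the interworking unit generate RAND are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple

MAGIC = b"IS41"               # assumed marker for a tunnelled IS-41 message
CHALLENGE, RESPONSE = 1, 2    # assumed message-type codes


def derive_ssd(a_key: bytes, min_: str, update_nonce: bytes) -> bytes:
    """One-way derivation of SSD from A-key and MIN (placeholder, not IS-41's)."""
    return hmac.new(a_key, b"SSD" + min_.encode() + update_nonce,
                    hashlib.sha256).digest()[:16]


def cave_stand_in(ssd: bytes, rand: bytes) -> bytes:
    """Placeholder for CAVE: (SSD, RAND) -> AUTHR. Output size is an assumption."""
    return hmac.new(ssd, b"AUTHR" + rand, hashlib.sha256).digest()[:3]


def pack(msg_type: int, min_: str, value: bytes) -> bytes:
    """User-data payload for one USSD/SMS: MAGIC | type | len+MIN | len+value."""
    m = min_.encode("ascii")
    return (MAGIC + struct.pack("!BB", msg_type, len(m)) + m
            + struct.pack("!B", len(value)) + value)


def unpack(payload: bytes, expected_type: int) -> Tuple[str, bytes]:
    if len(payload) < 7 or payload[:4] != MAGIC or payload[4] != expected_type:
        raise ValueError("not a tunnelled IS-41 message of the expected type")
    mlen = payload[5]
    if len(payload) < 7 + mlen:
        raise ValueError("truncated MIN field")
    min_ = payload[6:6 + mlen].decode("ascii")
    value = payload[7 + mlen:]
    if len(value) != payload[6 + mlen]:
        raise ValueError("value length mismatch")
    return min_, value


class AuthenticationCentre:
    """IS-41 AC of the home PLMN: the checking station for AUTHR."""

    def __init__(self) -> None:
        self._ssd: Dict[str, bytes] = {}

    def set_ssd(self, min_: str, ssd: bytes) -> None:
        self._ssd[min_] = ssd

    def verify(self, min_: str, rand: bytes, authr: bytes) -> bool:
        ssd = self._ssd.get(min_)
        if ssd is None:
            return False
        return hmac.compare_digest(cave_stand_in(ssd, rand), authr)


class UserTerminal:
    """Dual-mode terminal: answers an IS-41 challenge that arrived as a USSD/SMS."""

    def __init__(self, min_: str, ssd: bytes):
        self.min = min_
        self._ssd = ssd

    def handle_ussd(self, payload: bytes) -> bytes:
        min_, rand = unpack(payload, CHALLENGE)
        if min_ != self.min:
            raise ValueError("challenge addressed to another MIN")
        return pack(RESPONSE, self.min, cave_stand_in(self._ssd, rand))


class InterworkingFunction:
    """Routes challenge and response between the GSM-type network and the AC."""

    def __init__(self, ac: AuthenticationCentre):
        self._ac = ac
        self._pending: Dict[str, bytes] = {}

    def issue_challenge(self, min_: str, gsm_authenticated: bool) -> Optional[bytes]:
        if not gsm_authenticated:          # second-protocol check must pass first
            return None
        rand = secrets.token_bytes(4)
        self._pending[min_] = rand         # remember the outstanding challenge
        return pack(CHALLENGE, min_, rand)

    def handle_response(self, payload: bytes) -> bool:
        try:
            min_, authr = unpack(payload, RESPONSE)
        except ValueError:
            return False
        rand = self._pending.pop(min_, None)   # single use: a replay finds nothing
        if rand is None:
            return False
        return self._ac.verify(min_, rand, authr)   # AUTHR + challenge go to the AC


def roam_and_authenticate(ut: UserTerminal, iwf: InterworkingFunction,
                          gsm_authenticated: bool = True) -> bool:
    ussd = iwf.issue_challenge(ut.min, gsm_authenticated)
    if ussd is None:
        return False
    return iwf.handle_response(ut.handle_ussd(ussd))
```

The interworking function pairs each response with the RAND it issued rather than trusting a value echoed by the terminal, so a captured response cannot be replayed against a later challenge.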

In order that the invention may be more fully understood, an embodiment thereof will now be described by way of example with reference to the accompanying drawings, in which:

Figure 1 is a schematic diagram of a satellite telecommunications system together with a local, land-based mobile telecommunications system, in accordance with the invention;
Figure 2 is a more detailed block diagram of the satellite network in the vicinity of SAN 1 and the associated terrestrial cellular network, for illustrating interworking;
Figure 3 is a schematic block diagram illustrating intercommunication within the satellite network;
Figure 4 is a schematic diagram of a mobile user terminal;
Figure 5 is a schematic block diagram of the circuits of the terminal shown in Figure 4;
Figure 6 is a schematic block diagram of the SIM card shown in Figures 4 and 5;
Figure 7 is a schematic block diagram of the interworking unit 32 shown in Figure 2;
Figure 8 is a schematic flow chart for conventional IS-41 authentication for the PLMN 9;
Figure 9 is a flow chart of an alternative authentication procedure for the PLMN 9;
Figure 10 is a schematic flow chart of GSM-type authentication in the satellite network;
Figure 11 is a schematic general flow chart of the authentication procedure when the user terminal roams from the IS-41 network 9, to the satellite network;
Figure 12 is a schematic flow diagram of a SSD update performed in the authentication shown in Figure 11;
Figure 13 is a schematic flow diagram for end-to-end authentication, performed after the SSD update of Figure 12, in accordance with the invention;
Figure 14 is a flow chart of a modified end-to-end authentication; and
Figure 15 is a schematic diagram of a USSD including an IS-41 challenge.

Satellite Network

Referring to Figure 1, a schematic block diagram of a satellite mobile telecommunication network is shown corresponding generally to the ICO™ network. A mobile user terminal UT 1 in the form of a mobile telephone handset can communicate on a radio channel over a communication path 1, 2 via an earth orbiting satellite 3a with a land-based satellite access node SAN 1. As shown schematically in Figure 1, SAN 1 is provided with an antenna 4 which can track the orbiting satellite.

A number of the satellite access nodes SAN 1, 2, 3, etc are connected together to form a backbone network 5, which is connected through a number of gateways GW 1, 2, 3, etc to conventional land-based telephone networks. For example, considering the gateway GW1, it is connected to a land-based public switch telephone network (PSTN) 6, which permits connection to be made to a conventional telephone set 7. The gateway GW1 is additionally connected to a public switch data network (PSDN) 8 and a public local mobile network (PLMN) 9. Each of the gateways GW 1, 2, 3 may comprise commercially available mobile switching centres (MSCs) of the type used in GSM networks.

For a fuller understanding of GSM, reference is directed to the various GSM Recommendations issued by the European Telecommunications Institute (ETSI). Also reference is directed to "The GSM System for Mobile Communications" by M. Mouly and M-B. Pautet, supra, for a more easily understandable synopsis.

As shown in Figure 1, the handset UT 1 can also communicate with the conventional land-based mobile network PLMN 9, which is shown schematically to include a transceiver station 10 that establishes a duplex link 11 with the user terminal UT 1. In this example, the PLMN 9 is an IS-41 based network such as a D-AMPS network.

The satellite network is designed to provide world-wide coverage and the satellites 3a, 3b form part of a constellation of satellites, which may be arranged in several orbits. In one example, two orbits of five satellites are used, which can be shown to provide coverage of a major part of the surface of the earth, in which for a 10° satellite elevation angle, one satellite can be accessed by the mobile handset all of the time and two satellites can be accessed for at least 80% of the time, thereby providing system diversity. Further satellites may be included in the constellation in order to provide additional redundancy and diversity.

The satellites are typically arranged in a MEO constellation, for example with an orbital radius of 10,355 km, although the invention is not restricted to a particular orbital radius. In this embodiment, satellites 3a, 3b are shown in a common orbit and the satellites are tracked by the antenna arrangement of each SAN. Typically, each SAN includes five antennas for tracking individual satellites of the constellation. The SANs are spaced around the earth in order to provide continuous coverage. In the example shown, SAN 1 may be located in Europe whereas SAN 2 may be located in Africa, SAN 3 in America and other SANs may be located elsewhere. In Figure 1, the SAN 2 is shown communicating with user terminal UT 2 via satellite 3b. For further details of the satellite network, reference is directed to GB-A-2 295 296.

The satellites 3a, 3b are in non-geostationary orbits and comprise generally conventional satellites such as the Hughes HS 601 and may include features disclosed in GB-A-2 288 913. Each satellite 3a, 3b is arranged to generate an array of beams covering a footprint on the earth beneath the satellite, each beam including a number of different frequency channels and time slots as described in GB-A-2 293 725. The beams thus provide adjacent cellular areas which correspond to the cells of a conventional land-based mobile telephone network. The satellites are controlled by means of a satellite control centre (SSC) 12 and a tracking telemetry and control station (TT&C) 13, which are connected to a network management centre 14 through a digital network 15 that is coupled to the backbone network 5. The SSC 12 and the TT&C 13 control operation of the satellites 3a, 3b, e.g. for setting the transmission power levels and transponder input tuning, as directed by the NMC 14. Telemetry signals for the satellites 3a, 3b are received by the TT&C 13 and processed by the SSC 12 to ensure that the satellites are functioning correctly.

During a telephone call, the handset UT 1, 2 communicates with the satellite 3a, 3b via a full duplex channel comprising a down link channel and an up link channel. The channels include TDMA time slots on frequencies allocated on initiation of the call.

Referring to Figure 2, the configuration of SAN 1 and the local PLMN 9 is shown in more detail. SAN 1 consists of a land earth station LES 1 which is coupled to the five dish antennas 4 for tracking the satellites, the LES 1 including transmitter and receiver circuits with amplifiers, multiplexers, demultiplexers and codecs. A mobile satellite switching centre MSSC 1 is coupled to LES 1 and to a satellite visitor location register VLR SAT 1. MSSC 1 couples communication signals (voice and packet data) to the backbone network 5 and to the LES 1, so as to allow individual telephone calls to be established through the backbone network 5 and the duplex communication link 1, 2 via the satellite 3a, to the mobile terminal UT 1. The MSSC 1 responds to addresses on incoming communication signals from the antenna 4 to route the signals appropriately to their destinations.

The VLR SAT 1 maintains a record of each of the subscribers, namely the IMSIs of each of the user terminals UT that are making use of the SAN 1 for signal communication.

The MSSC 1 is connected to the gateway GW1 so as to provide an output connection to PLMN 9, together with PSDN 8 and PSTN 6 shown in Figure 1. Thus, typically, the packet data will be fed to and from the PSDN 8 and voice signals will be communicated to and from the network PLMN 9 or PSTN 6. It will be understood that all the SANs are of similar construction with a respective VLR SAT to maintain a record of the subscribers registered.

Referring to Figure 3, the satellite network also includes a database 17 referred to herein as the satellite home location register (HLR SAT) that contains records relating to each mobile user terminal UT. The record includes the terminal's identity, namely, its IMSI, the geographical location of the UT, the home MSSC with which the UT is registered, so as to enable billing and other data to be collected at a single point, and the currently active SAN with which the UT is in communication via a satellite. The HLR SAT 17 may be located at the NMC 14 shown in Figure 1 or may be distributed among the SANs 1, 2, 3 etc. Associated with the HLR SAT 17 is an authentication centre AuC which stores the secret parameter Ki and the associated IMSI for each subscriber to the satellite network, in accordance with the GSM Recommendations in order to authenticate the subscriber for use with the satellite network.

IS-41 Network (PLMN 9) 

Referring again to Figure 2, the IS-41 mobile network 9 comprises a DAMPS network and includes a number of base transceiver stations BS 1, 2, 3 etc which are geographically spaced apart in order to support a cellular network in a manner well known per se. Typically, the IS-41 network 9 has a coverage area that overlies a country or state, and thus overlaps with the global coverage of the satellite network. BS 1 is shown with an associated antenna 10, connected by a landline to a mobile switching centre MSC 1 which can route calls within the mobile network and also through a gateway GMSC 1 to a conventional PSTN over line 18, or to the satellite network, over line 19 through the gateway GW 1.

A home location register HLR for the land-based IS-41 network 9 is provided, coupled to the GMSC 1. The HLR, in a conventional manner, keeps a record of the identities of the user terminals registered for use with the network, known in the nomenclature of IS-41 as the module identity number (MIN). The PLMN 9 may also include a visitor location register VLR which maintains a record of subscribers temporarily registered with the network, that have roamed from other IS-41 networks. For example, if the PLMN 9 is sited in one geographic region of the USA e.g. California, subscribers from an IS-41 network in another geographic region e.g. New York State, may be locally registered on a temporary basis whilst in California. In a conventional manner, telephone usage information is relayed from the VLR in California through the PSTN 6 to the New York network for billing purposes.

An authentication centre AC is coupled to the HLR. The AC includes a database of secret keys, known as A keys, that are uniquely associated with the MINs of individual user terminals, together with a CAVE algorithm in accordance with the IS-41 recommendations. This stored data is used to authenticate a user terminal, such as the terminal UT 1, as will be explained in more detail hereinafter.

For further details of the IS-41 recommendations, reference is directed to the textbook: Mobile Telecommunications Networking with IS-41, by M.D. Gallagher & R.A. Snyder, McGraw Hill 1997 [ISBN 0-07-063314-2].

Mobile user terminal 

Referring to Figures 4 and 5, the mobile user terminal UT 1 is configured to operate with both the local terrestrial cellular network and the satellite network. Thus, in the example shown in Figure 2, the mobile handset UT 1 can operate either according to a land-based IS-41 protocol such as D-AMPS or according to the satellite network protocol, which generally corresponds to a GSM protocol. As shown in Figure 4, the user terminal UT 1 comprises a mobile handset which is capable of dual mode operation. It includes conventional IS-41 circuits for use with the land-based cellular network 9 together with similar, GSM type circuitry for use with the satellite network. The handset comprises a microphone 20, a speaker 21, a battery 22, a keypad 23, antennas 24a, 24b for use with the IS-41 and satellite networks respectively, and a display 25 which can be used amongst other things, for displaying messages transmitted to the terminal over the digital packet data network, via the satellite link. The handheld unit UT 1 also includes a subscriber identification module (SIM) smart card 26, primarily for use with the satellite network.

The circuit configuration of the handset UT 1 is shown in block
diagrammatic form in Figure 5. The SIM card 26 is received in an SIM
card reader 27 coupled to a controller 28, typically a microprocessor.
The microphone and speaker 20, 21 are coupled to codecs 29a, 29b for
use with the IS-41 and satellite networks respectively, coupled to
respective conventional radio interfaces 30a, 30b and respective
antennas 24a, 24b so as to transmit and receive communication signals,
in a manner well known per se for the IS-41 and the satellite
networks.

For the satellite network, the SIM card 26 includes a memory M 1,
shown in Figure 6, which stores an individual IMSI together with the
secret identification function Ki which is unique to the SIM, and the
algorithms A3/A8 and A5 in accordance with the GSM Recommendations,
for authentication purposes, as will be described later.

For the IS-41 network, the user terminal includes a numeric address
module (NAM) 31 in accordance with the IS-41 recommendations, which
stores the individual MIN and A key for the handset. Also, a memory
M 2 associated with the controller 28, stores the CAVE algorithm, used
for authentication, to be described hereinafter.

Network selection 

As described previously, the networks can be selected in a number of
different ways, either automatically depending on factors such as
signal strength or manually. In this example, for ease of explanation,
the networks are described as being selected manually, by the use of a
key on the keypad 23.

When the keypad 23 is operated to select the IS-41 network, the
controller 28 selects the codec 29a and the radio interface 30a so
that UT 1 operates at a frequency and according to a protocol for the
land based IS-41 network 9, over the duplex link 11. When the
satellite network is selected, the controller 28 selects the codec 29b
and the radio interface 30b so that UT 1 operates at a frequency and
according to a protocol suitable for the satellite network and
communication takes place over the duplex links 1, 2 via the satellite
3a.

Network interworking 

When the user terminal roams outside of the coverage area of the
PLMN 9 or when it is desired to use services available through the
satellite network which are not available through the IS-41 network,
calls from the land based mobile network 9 are directed to the user
terminal UT 1 through the satellite network. An interworking function
unit (IWF) 32 shown in Figure 2 is provided for this purpose,
permitting full control over the service provision between the
satellite and cellular land-based networks. The IWF 32 is coupled
between the HLR of the PLMN 9 and the VLRs SAT of the satellite
network, as shown in Figure 2. The IWF 32 is shown in more detail in
Figure 7 and comprises a VLR IWF connected to the HLR of PLMN 9,
together with a HLR IWF that is coupled to the individual VLRs SAT of
the satellite network. In Figure 7, the HLR IWF is shown coupled to
VLR SAT 1 on line 33 and a schematic connection to the other VLRs SAT
is shown as line 34.

The HLR IWF includes a database of IMSIs for subscribers to the
satellite service together with corresponding MINs for the user
terminals that can be used with the land-based IS-41 network 9, for
use in authentication, as will be described later.

Service Provision

The network configuration permits service providers to offer services
to a subscriber in a number of different ways. One way is to provide a
conventional PLMN service through the network 9 according to the IS-41
protocol. Another way is to provide a solely satellite based service,
provided through the backbone network 5 and the SANs. An alternative
way is to provide the satellite based service as an extension of the
PLMN 9 so that the user of terminal UT 1 uses the Home PLMN 9 when in
range, other PLMNs when roaming in respect of land-based networks, or
alternatively the satellite network. Thus, the satellite network can
allow the user terminal to be operated worldwide, outside of the range
of terrestrial PLMNs, or the satellite service can provide an
alternative to the PLMN when within range. These alternatives will now
be discussed in more detail:

a) Conventional PLMN service



When the mobile user terminal UT 1 is within the coverage area of the
PLMN 9 shown in Figure 1, it can be operated in a conventional manner
with the land-based network. The user terminal UT 1 is set, using the
keypad 23 (Figure 4) so as to transmit and receive using the codec 29a
and the radio interface 30a appropriate for IS-41 communication over
the duplex link 11 shown in Figure 1. The user terminal UT 1 is thus
registered with VLR1 of the IS-41 network shown in Figure 2. Prior to
registration, a conventional IS-41 authentication procedure is carried
out, as will be explained later. Calls can then be routed from the
telephone set 7 shown in Figure 1, through the PSTN 6 to the PLMN 9
and hence to the user terminal UT 1, over the duplex link 11. The
incoming call is routed to the HLR of the network 9 and the MIN
corresponding to the telephone number for the incoming call is
determined from a look-up table in the HLR. The HLR also includes a
table of the user terminals currently registered with the network 9,
and from this data, the call can then be routed to the relevant BTS
with which the destination user UT is currently registered.

b) Satellite Service Provision

For this mode of operation, a "stand-alone" satellite service is
provided through the backbone network 5. Referring to Figure 3, the
satellite service provision makes use of the satellite home location
register (HLR SAT) that contains records including the IMSI relating
to each mobile user.

Referring again to Figure 1, when a call from telephone set 7 is to be
routed through PSTN 6 to the satellite service, the satellite service
network has a predetermined telephone number prefix, together with a
unique telephone number for the user. The call is routed through
PSTN 6 and gateway GW1 to SAN 1 in this example. The SAN 1 then
queries the satellite home location register HLR SAT for the currently
registered location of the user i.e. the VLR SAT with which the IMSI
is currently registered. This operates in the same way as a GSM HLR
and the IMSI corresponding to the telephone number for the incoming
call is determined from a look up table in the HLR SAT. Also the HLR
includes a table of the current location of the user terminals
currently registered with the network, this information having been
fed to the HLR from the VLRs SAT associated with the individual SANs.
From this comparison, the call can then be routed to the relevant SAN
with which the destination user UT is currently registered. The call
is then routed from the SAN through an appropriate satellite link to
the user terminal UT 1. Billing information is accumulated in the
HLR SAT.

As specific examples of the satellite service, a call made from
telephone 7 can be routed to user terminal UT 1 having an IMSI A via
PSTN 6, GW 1, SAN 1 and satellite 3a, or a call can be made from UT 2
with IMSI B to UT 1 via SAN 2, backbone network 5 and SAN 1.

A full duplex link is established via the satellite 3a, with the
signal formats being generally in accordance with the GSM
recommendations. Thus, duplex voice communication channels are
provided together with the other signal formats supported by GSM,
including the short message service (SMS) and unstructured
supplementary service data (USSD). SMS is described in more detail in
"The GSM System for Mobile Communications" by M. Mouly and M-B.
Pautet, on page 56 and allows short text messages to be transmitted to
a mobile user terminal to be displayed on its display, i.e. the
display 25 shown in Figure 4. For further details of USSD, reference
is directed to GSM Technical Specification GSM 02.90 November 1996,
Version 5.0.0, published by ETSI, F-06291, Sophia Antipolis, Cedex,
France. Briefly, USSD permits unstructured digital data messages to be
transmitted between elements of a network operating according to the
GSM protocol.

This form of service provision is attractive for users in remote
locations where no PLMN exists.



(c) Satellite service as an extension to existing IS-41 
PLMN service 

In this mode of operation, the satellite service is used as a roamed
network, so as to provide an extension to the coverage area provided
by the IS-41 PLMN 9. As previously explained, in some circumstances,
it may be desirable to use the satellite network in preference to the
IS-41 network in order to make use of enhanced services not available
through the IS-41 network, but which can be accessed through the
satellite network. Also, the satellite network can be used in areas
where there is no IS-41 service, thus permitting the dual mode handset
UT 1 to be used throughout the world, in addition to the coverage area
of the IS-41 network 9. For this mode of operation, the satellite
network is treated as a roamed network for the PLMN 9 so that calls
which are routed through the satellite network are billed using the
existing facilities of the PLMN 9.

For this mode of operation, the user terminal UT 1 is set for
operation at the satellite frequency network, by operation of keypad
23 to select codec 29b and radio interface 30b, for communication via
antenna 24b over the duplex link 1, 2 via satellite 3a. The user
terminal UT 1 thus registers with one of the VLRs SAT of the satellite
network. In this example, it is assumed that it has registered with
VLR1 SAT shown in Figure 2. This registration information is
transferred to the IWF 32, where a record of the IMSI for UT 1 and its
registration with VLR SAT is stored. Also, as previously explained,
the HLR IWF contains a database of all IMSIs of user terminals which
are permitted to interwork with the IS-41 network, together with their
corresponding MINs. The registration information is transferred to the
VLR IWF shown in Figure 7 and communicated to the HLR of the IS-41
network 9 shown in Figure 2.

When an incoming call from telephone set 7 shown in Figure 1, is
routed through PSTN 6, over line 18 (Figure 2) to the PLMN 9, it is
initially directed to the HLR of PLMN 9 from which routing information
is determined for routing the call over line 19, through the PSTN 6,
to the gateway GW 1, and thence through SAN 1 and the duplex link 1, 2
via satellite 3a, to the user terminal UT 1.

Authentication procedure 

Different authentication procedures need to be used for these three
different service provisions, in order to determine that the user
terminal may be permitted to be registered with the networks, as will
now be described in detail:

a) Authentication for conventional PLMN service 

When service option (a) described above is selected, a conventional
IS-41 authentication procedure is carried out prior to registering the
user terminal 1 with VLR 1 of PLMN 9. This conventional authentication
procedure will now be described with reference to Figure 8.

In response to an authentication request from user terminal UT 1, the
authentication centre AC of PLMN 9 generates at step S8.1 a request
for the user terminal UT 1 to generate shared secret data (SSD) in
accordance with the conventional IS-41 protocol, the request being
transmitted through the network in a conventional manner. As well
known to those skilled in the art, the user terminal UT 1 stores a
secret or A-key which is unique to the user terminal, together with
its unique MIN. The A-key and the corresponding MIN are stored in the
network in the secure authentication centre AC. A feature of the IS-41
SSD generation technique is that the A-key cannot be determined from
the SSD by reverse engineering techniques.

At step S8.2, the SSD is generated from the A-key, both at the user
terminal UT 1 and at the AC.

Then, at step S8.3, the MIN for user terminal UT 1 is transmitted
through the network to MSC 1. Then, at step S8.4, a challenge in the
form of a random number RAND is generated in MSC 1 and transmitted
through the network to user terminal UT 1.

Both the user terminal UT 1 and the authentication centre AC hold a
copy of the IS-41 CAVE algorithm. As known in the art, a CAVE
algorithm operates on the SSD and RAND as inputs to produce an
authentication response AUTHR. At step S8.5, the CAVE algorithm is run
using the locally generated SSD and the value of RAND received from
MSC 1, to produce AUTHR, which is then transmitted from user terminal
UT 1 to MSC 1, step S8.6. Then, at step S8.7, the values of MIN, RAND
and AUTHR are transmitted from MSC 1 via the HLR, to the
authentication centre AC.

Then, at step S8.8, the CAVE algorithm is run locally at the AC using
the locally generated SSD together with the received value of RAND to
produce AUTHR. The AUTHR produced at the AC is then compared with the
AUTHR received from UT 1 at step S8.9 and a RESPONSE depending on the
outcome, is transmitted to the HLR of PLMN 9. If both versions of
AUTHR are the same, the RESPONSE indicates to the HLR that successful
authentication has been achieved. However, if the AUTHRs are
different, the HLR is instructed to bar registration of UT 1 with
VLR 1.

A modified authentication procedure is shown in Figure 9 in which the
comparison of the two values of AUTHR is carried out at MSC 1. In this
procedure, after transmission of the SSD request at step S9.1, the SSD
generated at the AC is communicated to MSC 1. The authentication
procedure then proceeds through steps S9.4 to S9.7, which correspond
to steps S8.3 to S8.6 in Figure 8. The CAVE algorithm is then run, at
step S9.8, at the MSC 1, rather than at the AC as in Figure 8, to
produce a value of AUTHR, which is compared with the value of AUTHR
transmitted from handset UT 1 at step S9.7, in order to produce the
response at step S9.9.

The modified procedure of Figure 9 has the advantage that it is not
necessary to refer back to the AC for each authentication, due to the
fact that the SSD has been transmitted to MSC 1.

b) Authentication for satellite service provision 

When the service provision b) discussed above is 
used, authentication for user terminal UT 1 is carried out 
according to an authentication process shown in Figure 
10. 

As previously mentioned, the user terminal UT 1 includes a SIM
smartcard which stores a unique IMSI, a unique identification function
Ki and a GSM encryption algorithm A5, according to the GSM
Recommendations (Figure 6). The registration and authentication
procedure involves transmitting the IMSI to the GSM authentication
centre AuC associated with the satellite network (Figure 3) and
comparing data from the SIM with data from the authentication centre
AuC at MSSC 1.

In a first step S10.1 shown in Figure 10, the IMSI is transmitted from
UT 1 via MSSC 1, to the HLR SAT, where it is routed to the
authentication centre AuC. As previously mentioned, the authentication
centre AuC includes a copy of the identification function Ki
associated with each respective IMSI which is valid for use on the GSM
network.

At step S10.2, the IMSI is checked in the memory of the AuC, and a
corresponding value of Ki is retrieved. Also, a random number RAND is
generated in the AuC using a random number generator (not shown). The
random number RAND and the value of Ki are applied, in the AuC, as
inputs to the GSM algorithm A3 to generate a signed result SRES. The
AuC also includes the GSM algorithm A8 which generates a secret key Kc
that is used for encryption/decryption of data transmitted over the
air between the user terminal and the SAN. In practice, the algorithms
A3/A8 may be constituted by a single algorithm producing a 96 bit
output of which 32 bits constitute SRES and the remaining 64 bits
constitute Kc.

At step S10.3, a triplet of signals comprising RAND, SRES and Kc is
fed from the authentication centre AuC, through the HLR SAT to MSSC 1.
In practice, n triplets are supplied to MSSC 1 for use in subsequent
authentications, for example during a call, but the processing of only
one triplet will be considered herein in order to simplify the
explanation.

At step S10.4, the individual value of RAND is transmitted on to the
user terminal through the network from the MSSC. The SIM of the user
terminal UT 1 stores the algorithm A3/A8 so that, at step S10.5, a
corresponding value of SRES' is generated at the user terminal UT 1
from the received value of the random number RAND and the stored value
of Ki in the SIM.

The value of SRES' is transmitted back at step S10.6 through the
network to MSSC 1 and compared at step S10.7 with the originally
generated value of SRES. If they are the same, the user terminal is
authenticated but otherwise registration of the user terminal UT 1
with VLR SAT 1 is barred.

If the authentication is successful, MSSC 1 initiates
encryption/decryption of data transmitted over the network, using an
algorithm referred to in the GSM Specifications as A5, which uses as
its inputs, the secret key Kc and the frame number of data transmitted
through the network. The SIM of the user terminal UT 1 generates its
own value of the secret key Kc using its locally stored copy of the
algorithm A8. The local value of Kc at the user terminal UT 1 can then
be used to encrypt/decrypt data, using a locally held copy of the
algorithm A5.

It will be understood that only essentially random 
numbers are transmitted over the air interface, which 
have no relation to one another, which minimises the 
risk of cloning or unauthenticated use. 

Assuming that the authentication procedure is successful, calls can be
routed to UT 1 through the satellite network according to service
provision option (b) discussed above.
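
The Figure 10 exchange (steps S10.1 to S10.7) as an added Python example, which is not part of the patent. Truncated HMAC-SHA256 stands in for the combined A3/A8 algorithm, which the text does not specify; the class names, the batch size and the sample IMSI and Ki are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the combined A3/A8 (assumption: truncated HMAC-SHA256).

    96-bit output: the first 32 bits are SRES, the remaining 64 bits are Kc.
    """
    out = hmac.new(ki, rand, hashlib.sha256).digest()[:12]
    return out[:4], out[4:]


class AuC:
    """Authentication centre: holds Ki per IMSI, issues triplets (S10.2, S10.3)."""

    def __init__(self, ki_by_imsi: dict[str, bytes]):
        self._ki = dict(ki_by_imsi)
        self.requests = 0  # how often the MSSC had to ask for a new batch

    def triplets(self, imsi: str, n: int) -> list[tuple[bytes, bytes, bytes]]:
        ki = self._ki[imsi]  # KeyError: IMSI is not valid on this network
        self.requests += 1
        batch = []
        for _ in range(n):
            rand = secrets.token_bytes(16)
            sres, kc = a3a8(ki, rand)
            batch.append((rand, sres, kc))
        return batch


class Sim:
    """SIM card: Ki stays inside; only SRES' and Kc are produced (S10.5)."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_a3a8(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._ki, rand)


class Mssc:
    """Checking station for the satellite network (S10.4, S10.7)."""

    def __init__(self, auc: AuC, batch_size: int = 3):
        self._auc = auc
        self._batch_size = batch_size
        self._stock: dict[str, list] = {}
        self._pending: dict[str, tuple[bytes, bytes, bytes]] = {}

    def challenge(self, imsi: str) -> bytes:
        stock = self._stock.setdefault(imsi, [])
        if not stock:  # only go back to the AuC when the n triplets are used up
            stock.extend(self._auc.triplets(imsi, self._batch_size))
        self._pending[imsi] = stock.pop()  # every triplet is used once only
        return self._pending[imsi][0]      # only RAND goes over the air

    def verify(self, imsi: str, sres_prime: bytes) -> bytes | None:
        pending = self._pending.pop(imsi, None)
        if pending is None:                # response without an open challenge
            return None
        _rand, sres, kc = pending
        # Constant-time comparison so timing does not reveal a partial match.
        return kc if hmac.compare_digest(sres, sres_prime) else None


def register(mssc: Mssc, sim: Sim) -> bool:
    """Run S10.1 to S10.7; True only if SRES' matches and both ends share Kc."""
    rand = mssc.challenge(sim.imsi)
    sres_prime, kc_terminal = sim.run_a3a8(rand)
    kc_network = mssc.verify(sim.imsi, sres_prime)
    return kc_network is not None and hmac.compare_digest(kc_network, kc_terminal)


# Constructed sample values, not taken from the patent.
SAMPLE_IMSI = "901050000000001"
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    mssc = Mssc(AuC({SAMPLE_IMSI: SAMPLE_KI}))
    print("genuine SIM:", register(mssc, Sim(SAMPLE_IMSI, SAMPLE_KI)))
    print("wrong Ki:   ", register(mssc, Sim(SAMPLE_IMSI, bytes(16))))
```

The MSSC never sees Ki: it holds only the triplets, which is why a stock of n triplets lets it authenticate again without returning to the AuC.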

c) Authentication for satellite service when used as a
roamed extension to the IS-41 PLMN 9.

When the service provision option (c) discussed above, is used, i.e.
when the satellite service is used as a roamed network for the IS-41
network 9, the service provider for the IS-41 network seeks secure,
end-to-end authentication between the authentication centre AC of the
network 9 and the user terminal UT 1 in order to provide assurance
that the billing information provided from the satellite network to
the PLMN 9 is accurate. However, the authentication procedures for the
satellite network and the IS-41 network 9 are different, and
incompatible. The present invention provides a solution to this
problem and allows end-to-end authentication to be carried out between
the user terminal and the authentication centre of the IS-41 network.

In accordance with the invention, IS-41 authentication signals that
are transmitted between the user terminal UT 1 and the IS-41 network
9, through the satellite network, are embedded in GSM USSD and are
communicated between the satellite network and the IS-41 network 9,
through the interworking function IWF 32.

The overall scheme is shown in schematic form, in Figure 11. As a
first stage, the user terminal UT 1 is authenticated for use with a
satellite network in the manner described previously with reference to
Figure 10. This is shown as step S11.1.

Thereafter at step S11.2, the AC of the IS-41 network 9 instructs the
user terminal UT 1 to perform an SSD update and a corresponding update
is performed at the AC. This will be described in detail hereinafter,
with reference to Figure 12.

Then, at step S11.3, an end-to-end authentication is carried out as
will be described in detail hereinafter with reference to Figure 13. A
modification of the authentication process will also be described with
reference to Figure 14.

SSD update 

Referring to Figure 12, in order to initiate the authentication
process, the authentication centre AC, at step S12.1 sends a SSD
update request through the IS-41 network 9 to the VLR IWF of IWF 32
and thence to the HLR IWF (Figure 7). The update request is in respect
of a specific MIN corresponding to the MIN of user terminal UT 1. The
HLR IWF from its database of MINs and IMSIs determines the
corresponding IMSI for UT 1 and packages the update request as a USSD
i.e. an unstructured message suitable for transmission according to
GSM protocol. The packaging is carried out at step S12.2.

At step S12.3, the USSD is transmitted over the satellite network to
the user terminal UT 1 and at step S12.4 is decoded by the controller
28 (Figure 6). The message is recognised as a request to update the
SSD which is then carried out and the update is stored in the memory
M 2 shown in Figure 5.

Also, at step S12.4, the SSD is updated at the AC in the IS-41
network 9.

End-to-end Authentication 

Referring now to Figure 13, end-to-end authentication is then carried
out to ensure that the user terminal UT 1, when roaming from the IS-41
network 9 to the satellite network, can be validly registered with the
VLR SAT of the satellite network.

It will be recalled that during the initial satellite authentication
procedure (step S11.1 in Figure 11 and Figure 10) the IMSI of UT 1 was
communicated from the user terminal to the satellite network and the
IMSI was registered in VLR 1 SAT. As part of this process, the IMSI is
communicated to HLR IWF of the IWF 32. It will also be recalled that
the HLR IWF contains a table of IMSIs and their corresponding MINs.
Referring to Figure 13, at step S13.1, the MIN corresponding to the
IMSI for UT 1 is transmitted from HLR IWF to the VLR IWF.

At step S13.2, the VLR IWF produces a challenge in the form of a
random number RAND according to conventional IS-41 protocol, and both
RAND and MIN are transmitted back to the HLR IWF. At step S13.3, the
HLR IWF determines the IMSI which corresponds to the MIN and forms a
USSD containing the challenge RAND, which is then transmitted over the
satellite network according to GSM protocol, to the user terminal
UT 1. The format of the USSD is shown in more detail in Figure 15 and
consists of a header portion 35 and a message portion 36. The
controller 28 of the user terminal UT 1 (Figure 6) recognises the
header portion 35 as being a challenge, and it takes the challenge as
an instruction to run the CAVE algorithm as shown at step S13.4. The
CAVE algorithm uses as its inputs the MIN stored in the NAM 31 of UT 1
shown in Figure 5, together with the updated SSD stored in memory M 2
of UT 1, produced as a result of the update process described with
reference to Figure 12, at step S12.3.

AUTHR is produced as a result of running the CAVE algorithm, and at
step S13.5, the UT 1 packages a USSD, in GSM format, to include AUTHR,
which is then transmitted over the satellite network to the HLR IWF.

At step S13.6, the USSD with AUTHR is unwrapped and the MIN, held at
the HLR IWF together with AUTHR, is transmitted to the VLR IWF where
the initial value of the challenge RAND, is collected and the triplet
of signals, MIN, RAND and AUTHR, are transmitted in IS-41 format
through the PLMN 9 to the authentication centre AC.

Then, at step S13.8, the CAVE algorithm is run locally at the AC. The
CAVE algorithm uses as its inputs the updated SSD, together with RAND
as transmitted thereto at step S13.7. The locally produced value of
AUTHR is then compared with the value transmitted to the AC at step
S13.7, from UT 1. At step S13.9, a signal RESPONSE is produced
depending on the outcome of the comparison of the two authorization
responses AUTHR. If they are the same, successful authentication has
been achieved. In this situation, user terminal UT 1 is permitted to
register with the satellite network in VLR 1 SAT. Otherwise, the
registration of the UT 1 is removed from VLR SAT.

From the foregoing, it will be seen that the authentication centre AC
operates as a checking station to compare the authentication responses
produced by UT 1 and the AC. In a modification shown in Figure 14, the
VLR IWF can perform the function of the checking station. In this
procedure, the initially produced SSD is transmitted at step 14.1 from
the AC to the VLR IWF which, in a similar manner to the modification
described with reference to Figure 9, avoids the need to transmit
signals back and forth between the AC for successive authentications.
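
The SSD update of Figure 12 and the end-to-end authentication of Figure 13, with the AC as checking station, as an added Python example that is not part of the patent. Truncated HMAC-SHA256 stands in for CAVE; the header codes, field sizes, the update seed carried in the message portion, the class names and the sample subscriber are all assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Header portion 35 of the USSD (Figure 15). The codes are constructed here.
HDR_SSD_UPDATE, HDR_CHALLENGE, HDR_RESPONSE = 0x01, 0x02, 0x03

def cave(key: bytes, data: bytes, size: int) -> bytes:
    """Stand-in for CAVE (assumption): truncated HMAC-SHA256, not the real algorithm."""
    return hmac.new(key, data, hashlib.sha256).digest()[:size]

def ussd_pack(header: int, message: bytes) -> bytes:
    return bytes([header]) + message           # header portion + message portion

def ussd_unpack(ussd: bytes) -> tuple[int, bytes]:
    if len(ussd) < 2:
        raise ValueError("USSD has no message portion")
    return ussd[0], ussd[1:]

class AuthCentre:
    """IS-41 AC: A-key per MIN, current SSD, AUTHR comparison (S13.8, S13.9)."""

    def __init__(self, a_key_by_min: dict[str, bytes]):
        self._a_key = dict(a_key_by_min)
        self._ssd: dict[str, bytes] = {}

    def ssd_update(self, min_: str) -> bytes:
        seed = secrets.token_bytes(7)           # assumed update parameter
        self._ssd[min_] = cave(self._a_key[min_], b"SSD" + seed, 16)
        return seed

    def check(self, min_: str, rand: bytes, authr: bytes) -> bool:
        ssd = self._ssd.get(min_)
        if ssd is None:                         # no SSD update was ever run
            return False
        expected = cave(ssd, min_.encode() + rand, 4)
        return hmac.compare_digest(expected, authr)  # constant-time compare

class UserTerminal:
    """Dual mode UT: MIN and A-key in the NAM, SSD in memory, IMSI on the SIM."""

    def __init__(self, imsi: str, min_: str, a_key: bytes):
        self.imsi, self._min, self._a_key = imsi, min_, a_key
        self._ssd: bytes | None = None

    def on_ussd(self, ussd: bytes) -> bytes | None:
        header, message = ussd_unpack(ussd)
        if header == HDR_SSD_UPDATE:            # S12.4: update the stored SSD
            self._ssd = cave(self._a_key, b"SSD" + message, 16)
        elif header == HDR_CHALLENGE and self._ssd is not None:
            authr = cave(self._ssd, self._min.encode() + message, 4)  # S13.4
            return ussd_pack(HDR_RESPONSE, authr)                     # S13.5
        return None

class Iwf:
    """HLR IWF (IMSI/MIN table, USSD packaging) and VLR IWF (RAND) in one object."""

    def __init__(self, min_by_imsi: dict[str, str], ac: AuthCentre):
        self._min = dict(min_by_imsi)
        self._ac = ac
        self._pending: dict[str, bytes] = {}

    def ssd_update_ussd(self, imsi: str) -> bytes:
        return ussd_pack(HDR_SSD_UPDATE, self._ac.ssd_update(self._min[imsi]))

    def challenge_ussd(self, imsi: str) -> bytes:
        if imsi not in self._min:               # IMSI not permitted to interwork
            raise KeyError(imsi)
        rand = secrets.token_bytes(4)           # S13.2
        self._pending[imsi] = rand              # kept until the response returns
        return ussd_pack(HDR_CHALLENGE, rand)   # S13.3

    def handle_response(self, imsi: str, ussd: bytes) -> bool:
        rand = self._pending.pop(imsi, None)    # a challenge is answered once
        if rand is None:
            return False
        try:
            header, authr = ussd_unpack(ussd)   # S13.6
        except ValueError:
            return False
        if header != HDR_RESPONSE:
            return False
        return self._ac.check(self._min[imsi], rand, authr)  # S13.7 to S13.9

def roam(iwf: Iwf, ut: UserTerminal) -> bool:
    """SSD update (Figure 12) followed by end-to-end authentication (Figure 13)."""
    ut.on_ussd(iwf.ssd_update_ussd(ut.imsi))
    reply = ut.on_ussd(iwf.challenge_ussd(ut.imsi))
    return reply is not None and iwf.handle_response(ut.imsi, reply)

# Constructed sample subscriber, not taken from the patent.
SAMPLE_IMSI, SAMPLE_MIN, SAMPLE_A_KEY = "901050000000001", "2125550100", bytes(range(8))
```

The satellite network only ever carries the USSD; neither the A-key nor the SSD crosses it, and a response presented a second time fails because the stored RAND is discarded on first use.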

Many other modifications fall within the scope of the invention. For
example, whilst the invention is described in relation to the ICO™
satellite network, other satellite networks could be used, e.g. of the
types discussed hereinbefore, with different satellite constellation
and signal transmission protocols.

Also, the invention can be used to provide authentication for a IS-41
user terminal which roams to a GSM land based network, rather than
roaming to a satellite network as previously described.

Also, whilst the signal communication on the paths 1, 2 utilises a
TDMA access protocol, others could be used, such as code division
multiple access (CDMA) or frequency division multiple access (FDMA).

Although for the sake of convenient explanation, the term "mobile" has
been used to denote the user terminals UT, it should be understood
that this term is not restricted to hand-held or hand portable
terminals, but includes, for example, terminals to be mounted on
marine vessels or aircraft, or in terrestrial vehicles. Also, it is
possible to practice the invention with some of the terminals being
completely or at least partially immobile.

It will be understood that various components of the described
examples of the invention may be located in different national
jurisdictions. For the avoidance of doubt, the present invention
extends to any part or component of the telecommunications apparatus
or systems, which contributes to the inventive concept.

Claims 

1. A method of authenticating a user terminal which has roamed from a
first network that uses a first authentication protocol, to a second
network that uses a second, different authentication protocol,
comprising:

transmitting an authentication challenge to the user terminal
according to the protocol of the first network, through the second
network,

providing a response at the user terminal to the challenge in
accordance with the first authentication protocol,

transmitting the response through the second network, to a checking
station, and

comparing the response at the checking station with corresponding
authentication data for the first network according to the first
protocol so as to authenticate the user terminal according to the
first protocol for use with the first network.

2. A method according to claim 1 wherein the authentication challenge
is transmitted to the user terminal through the second network,
packaged as a message in a data format pertinent to the second
network.

3. A method according to claim 3 wherein the first network is
configured in accordance with IS-41 recommendations, and the second
network is configured in accordance with GSM recommendations.

4. A method according to claim 4 including packaging 
the challenge and the response as a USSD or 
SMS. 

5. A method according to any preceding claim including authenticating
the roamed user terminal for use with said second network in
accordance with the second protocol, and only authenticating the
terminal in accordance with the first protocol if the authentication
according to the second protocol is successful.

6. A method according to claim 5 including:

transmitting an initial authentication challenge to the user terminal
according to the protocol of the second network, through the second
network,

providing a response at the user terminal to the challenge according
to a predetermined algorithm in accordance with the second
authentication protocol,

transmitting the response through the second network to a checking
station for the second network, and

comparing the response at the checking station for the second network
with authentication data according to the second protocol to
authenticate the user terminal for use with the second network.

7. A method according to any preceding claim 
wherein the second network is a satellite network. 

8. A method of authenticating a user terminal which has roamed from a
first network that uses a first authentication protocol, to a second
network that uses a second, different authentication protocol,
comprising:

receiving an authentication challenge at the user terminal according
to the protocol of the first network, transmitted thereto through the
second network,

providing a response at the user terminal to the challenge in
accordance with the first authentication protocol,

transmitting the response at the user terminal using the second
network, towards a checking station whereby to permit the response to
be compared with corresponding authentication data for the first
network according to the first protocol so as to authenticate the user
terminal according to the first protocol for use with the first
network.

9. A method according to claim 8 including:

receiving an authentication challenge at the user terminal according
to the protocol of the second network, transmitted thereto through the
second network,

providing a response at the user terminal to the challenge in
accordance with the second authentication protocol,

transmitting the response at the user terminal using the second
network, towards a checking station whereby to permit the response to
be compared with corresponding authentication data for the second
network according to the second protocol so as to authenticate the
user terminal according to the second protocol for use with the second
network.

10. A user terminal for roaming from a first network that uses a first
authentication protocol, to a second network that uses a second,
different authentication protocol, comprising:

a receiver to receive an authentication challenge according to the
protocol of the first network, through the second network,

means operative to provide a response to the challenge in accordance
with the first authentication protocol,

and a transmitter operative to transmit the response through the
second network, for permitting the response to be compared at a remote
checking station with corresponding authentication data for the first
network according to the first protocol, for authenticating the user
terminal according to the first protocol, for use with the first
network.

11. A user terminal according to claim 10 including:

a receiver to receive an authentication challenge according to the
protocol of the second network, through the second network,

means operative to provide a response to the challenge in accordance
with the second authentication protocol,

and a transmitter operative to transmit the response through the
second network, for permitting the response to be compared at a remote
checking station with corresponding authentication data for the second
network according to the second protocol, for authenticating the user
terminal according to the second protocol, for use with the second
network.

12. A user terminal operative according to GSM recommendations
and IS-41 recommendations, and
responsive to an IS-41 challenge packaged as a
USSD or SMS, to produce an IS-41 response, transmitted
as a SMS or USSD.

13. An interworking function unit for providing interworking
between a first and second telecommunications
networks operative according to a first and
second different sets of recommendations with
respective first and second authentication protocols,
for use in authenticating a user terminal which
has roamed from the first network to the second
network, comprising:

means for routing an authentication challenge
according to the protocol of the first network,
towards a user terminal, through the second
network,

means to receive from the user terminal,
through the second network, a response to the
challenge in accordance with the first authentication
protocol, and

means for routing the response in a format in
accordance with the recommendations for the
first network, towards a checking station at
which it is compared with corresponding
authentication data for the first network according
to the first protocol so as to authenticate the
user terminal for use with the first network.

14. An interworking unit according to claim 13 and
including the checking station.

15. An interworking unit according to claim 13 and coupled
to the first network, said checking station being
in the first network.

16. An interworking unit according to claim 13, 14, or 15
operative to direct the authentication challenge
towards the user terminal through the second network,
packaged as a message in a data format pertinent
to the second network.

17. An interworking unit according to claim 16 wherein
the first network is configured in accordance with
IS-41 recommendations, and the second network is
configured in accordance with GSM recommendations.

18. An interworking unit according to claim 17 including
means for packaging the challenge and the
response as a USSD or SMS.

19. A system for authenticating a user terminal which
has roamed from a first network that uses a first
authentication protocol, to a second network that
uses a second, different authentication protocol,
comprising:

means operative to transmit an authentication
challenge to the user terminal according to the
protocol of the first network, transmitted thereto
through the second network,
means for providing a response at the user terminal
to the challenge in accordance with the
first authentication protocol,
means for transmitting the response through
the second network, to a checking station, and
means for comparing the response at the
checking station with corresponding authentication
data for the first network according to the
first protocol so as to authenticate the user terminal
according to the first protocol for use with
the first network.
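
The exchange recited in claims 13 to 19, sketched as an added example that is not part of the patent text: a first-protocol challenge is packaged for the second network, answered at the terminal, unpacked by the interworking function and compared at the checking station. Assumptions: HMAC-SHA256 stands in for the first network's authentication algorithm, the JSON container stands in for USSD/SMS packaging, the single-use challenge is a design choice of this sketch, and every name is hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: HMAC-SHA256 stands in for the first network's authentication
# algorithm; the real IS-41 computation is not modelled here.
def first_protocol_response(shared_key, challenge):
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()

# Hypothetical container for carrying first-protocol data inside a
# second-network message (USSD or SMS); not a real GSM encoding.
def package(bearer, kind, terminal_id, data):
    if bearer not in ("USSD", "SMS"):
        raise ValueError("unsupported bearer")
    return json.dumps({"bearer": bearer, "kind": kind, "id": terminal_id, "data": data.hex()})

def unpack(message, expected_kind):
    fields = json.loads(message)
    if fields["kind"] != expected_kind:
        raise ValueError("unexpected message kind")
    return fields["id"], bytes.fromhex(fields["data"])

class CheckingStation:
    """Holds first-network authentication data and issues one-time challenges."""
    def __init__(self, subscriber_keys):
        self.keys = subscriber_keys
        self.pending = {}
    def new_challenge(self, terminal_id):
        self.pending[terminal_id] = secrets.token_bytes(4)
        return self.pending[terminal_id]

    def check(self, terminal_id, response):
        challenge = self.pending.pop(terminal_id, None)  # single use: a replay fails
        if challenge is None or terminal_id not in self.keys:
            return False
        expected = first_protocol_response(self.keys[terminal_id], challenge)
        return hmac.compare_digest(expected, response)

def user_terminal(shared_key, terminal_id, inbound):
    _, challenge = unpack(inbound, "challenge")
    return package("USSD", "response", terminal_id, first_protocol_response(shared_key, challenge))

def authenticate_roamer(station, terminal_id, terminal_key):
    """Interworking function: tunnel the challenge out and the response back, then check."""
    outbound = package("USSD", "challenge", terminal_id, station.new_challenge(terminal_id))
    inbound = user_terminal(terminal_key, terminal_id, outbound)
    responder, response = unpack(inbound, "response")
    return responder == terminal_id and station.check(terminal_id, response)
```

The second network only carries the packaged messages; the shared key is held by the terminal and the checking station alone.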